The risks of IoT
Although it has been with us in some form and under different names for many years, the Internet of Things (IoT) is becoming the thing when it comes to tech and evolution. The ability to connect, communicate with, and remotely manage an infinite number of networked, automated devices via the Internet is becoming widespread.
The transition from closed networks to enterprise IT networks to the public Internet is accelerating and is raising alarms about security. As we become increasingly reliant on intelligent, interconnected devices in every aspect of our lives, security is very much a central issue for the Internet of Things.
Despite the opportunities of IoT, there are many risks that must be considered. Here are five of the many risks that will be essential in an Internet of Things world, as well as some recommendations to help companies prepare for the challenge.
- Understanding the complexity
Imagine using an IoT device like a simple thermostat to control the temperature of your home. Most of these devices can tell if you are away from your home, If attackers were to compromise the device, they could turn on the heat in the summer or shut the heat off during winter when temperatures are below 0 degrees. Imagine Nuclear power plants and data centers using IoT devices to automate their controls and being compromised. Understanding the complexity of vulnerabilities, and how serious of a threat they pose is going to become a huge challenge. To mitigate the risk, any project involving IoT devices must be designed with security in mind, and incorporate security controls. Because these devices will have hardware platforms and software that enterprises may never had insight into before, the types of vulnerabilities may be unlike anything organizations have dealt with previously.This is why it’s critical not to underestimate the elevated risks of many IoT devices.
- Vulnerability management
Another big challenge for enterprises in an IoT environment will be learning how to quickly patch IoT device vulnerabilities and how to prioritize them. Because most IoT devices require a firmware update in order to patch the vulnerability, the task can be hard to accomplish in real time. For example, if a printer requires firmware upgrading, IT departments are unlikely to be able to apply a patch as quickly as they would in a server or desktop system. Upgrading custom firmware often requires extra time and effort.
- Identifying security controls
In the IT world, redundancy is critical. If one product fails, another is there to take over. The concept of layered security works similarly, but we still have to see how well enterprises can layer security and redundancy to manage IoT risk.
The challenge will be identifying where security controls are needed for Internet-connected devices, and then implementing effective controls. Given the diversity that will exist among these devices, organizations will need to conduct customized risk assessments, often relying on third-party expertise, to identify what the risks are and how best to contain them.
- Disruption and denial-of-service attacks
Disruptive cyberattacks, such as distributed denial-of-service attacks, could have bad consequences for an enterprise. If thousands of IoT devices try to access a corporate website or data service feed that isn’t available, a company’s happy customers will become frustrated, resulting in revenue loss, customer dissatisfaction and potentially poor reception in the market.
Also, many of the challenges to IoT are similar to those found in a bring your own device environment. Capabilities for managing lost or stolen devices will be critical for dealing with compromised IoT devices, so having this enterprise strategy in place will help mitigate the risks of corporate data ending up in the wrong hands.
- Security analytics capabilities
The variety of new devices connecting to the Internet will create a flood of data for enterprises to collect, process and analyze. While certainly organizations will identify new business opportunities based on this data, new risks emerge as well.
Organizations must also be able to identify legitimate and malicious traffic patterns on IoT devices. The best analytical tools and algorithms will not only detect malicious activity, but also improve customer support efforts and improve the services being offered to the customers. To prepare for these challenges, enterprises must build the right set of tools and processes required to provide adequate security analytics capabilities.
The Internet of Things has the potential to bring together every aspect of different networks. Therefore, security at both the device and network levels is critical to the operation of IoT. The same intelligence that enables devices to perform their tasks must also enable them to recognize and counteract threats.
Photo source: http://smartdatacollective.com/sites/smartdatacollective.com/files/IoT%202.png